CVE-2024-51245 is a command injection vulnerability identified in the DrayTek Vigor3900 router firmware version 1.5.1.3. The flaw exists in the mainfunction.cgi web interface, specifically within the rename_table function, which fails to properly sanitize user input. This improper input validation allows an attacker with low privileges to inject arbitrary commands that the system executes with the privileges of the web service. The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command), indicating that shell metacharacters or commands can be injected and executed. The CVSS v3.1 base score is 8.0, reflecting high severity due to the vulnerability's ability to compromise confidentiality, integrity, and availability without requiring user interaction. The attack vector is adjacent network (AV:A), meaning the attacker must have network access to the device but not necessarily direct physical access. The attack complexity is low (AC:L), and privileges required are low (PR:L), making exploitation feasible for authenticated users with limited rights. No public exploits or patches are currently available, but the vulnerability is publicly disclosed and should be addressed promptly. The impact of successful exploitation includes full system compromise, data theft, manipulation, or denial of service.

The vulnerability allows attackers to execute arbitrary commands on affected DrayTek Vigor3900 devices, potentially leading to complete system compromise. This can result in unauthorized access to sensitive network configurations, interception or manipulation of network traffic, disruption of network services, and lateral movement within organizational networks. Confidentiality is at risk due to possible data exfiltration, integrity is compromised by unauthorized changes to device settings or firmware, and availability can be affected by denial-of-service conditions triggered by malicious commands. Organizations relying on these routers for critical network infrastructure may face significant operational disruptions and data breaches. The ease of exploitation combined with the critical nature of network devices increases the threat level globally, especially in environments where these routers are deployed at network perimeters or in sensitive segments.

Until an official patch is released by DrayTek, organizations should implement the following mitigations: 1) Restrict network access to the management interface of the Vigor3900 routers by limiting access to trusted IP addresses and using VPNs for remote management. 2) Disable or restrict access to the mainfunction.cgi interface if possible, or monitor and log all access attempts to detect suspicious activity. 3) Employ network intrusion detection and prevention systems (IDS/IPS) to identify and block command injection attempts targeting the rename_table function. 4) Enforce strong authentication mechanisms and regularly review user privileges to minimize the number of users with access to the vulnerable interface. 5) Monitor vendor communications closely for patch releases and apply updates promptly. 6) Conduct regular security audits and vulnerability scans on network devices to identify and remediate similar issues proactively. 7) Consider network segmentation to isolate vulnerable devices from critical assets to limit potential impact.